[Silicon Defense logo]

SnortSnarf alert page

Source: 125.173.33.185

SnortSnarf v021111.1

Signature section (210)Top 20 source IPsTop 20 dest IPs

4 such alerts found using input module SnortFileInput, with sources:
Earliest: 17:01:00.460835 on 07/24/2018
Latest: 17:01:01.492972 on 07/24/2018

2 different signatures are present for 125.173.33.185 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

125.173.33.185 (p1185-ipad412osakakita.osaka.ocn.ne.jp) Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade


[**] [1:46736:2] SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt [**]
[Classification: Web Application Attack] [Priority: 1]
07/24-17:01:00.460835 125.173.33.185:47143 -> 192.168.0.37:80
TCP TTL:48 TOS:0x0 ID:15201 IpLen:20 DgmLen:196 DF
***AP**F Seq: 0x42B1DD7F Ack: 0x0 Win: 0x0 TcpLen: 32
[Xref => http://seclists.org/fulldisclosure/2016/Feb/53]
[**] [1:31356:3] SERVER-WEBAPP Wordpress timthumb.php webshot source attack attempt [**]
[Classification: Web Application Attack] [Priority: 1]
07/24-17:01:00.460835 125.173.33.185:47143 -> 192.168.0.37:80
TCP TTL:48 TOS:0x0 ID:15201 IpLen:20 DgmLen:235 DF
***AP**F Seq: 0x42B1DF6F Ack: 0x0 Win: 0x0 TcpLen: 32
[Xref => http://cxsecurity.com/issue/WLB-2014060134]
[**] [1:46736:2] SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt [**]
[Classification: Web Application Attack] [Priority: 1]
07/24-17:01:01.492972 125.173.33.185:47156 -> 192.168.0.37:80
TCP TTL:48 TOS:0x0 ID:19076 IpLen:20 DgmLen:196 DF
***AP**F Seq: 0x444AA3B0 Ack: 0x0 Win: 0x0 TcpLen: 32
[Xref => http://seclists.org/fulldisclosure/2016/Feb/53]
[**] [1:31356:3] SERVER-WEBAPP Wordpress timthumb.php webshot source attack attempt [**]
[Classification: Web Application Attack] [Priority: 1]
07/24-17:01:01.492972 125.173.33.185:47156 -> 192.168.0.37:80
TCP TTL:48 TOS:0x0 ID:19076 IpLen:20 DgmLen:235 DF
***AP**F Seq: 0x444AA5A0 Ack: 0x0 Win: 0x0 TcpLen: 32
[Xref => http://cxsecurity.com/issue/WLB-2014060134]

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Nov 20 22:03:41 2018